Starting an eCommerce business in South Africa – Part 2: Payments

In this part we’re going to focus on the various payment methods, things to consider when choosing your payment gateway, integration with your chosen shopping cart system, payment restrictions, security and the payment landscape.

What we aren’t going to focus on here are the numerous payment gateways out there and nit-pick between all of them.

This is a long post, so let’s get to it.

Payment Methods

Omnichannel payments are becoming a cornerstone and trademark of eCommerce, there are literally dozens of ways to pay online with new payment methods continually being developed and existing methods being improved upon.

Here is a look at not only the payment methods that we offer, but also some of the other methods available out there.

Credit Cards

Credit cards are the most widely used online payment method and allow sellers to accept both local and international payments. Any merchant should make card payments their first priority when setting up their payment methods.

As an example, with PayFast merchants can accept payments from two of the most widely used card providers Visa and Mastercard. There are other payment providers that offer the likes of American Express and Diners Club, but bear in mind that there cards carry higher costs and odds are that the client using one of those cards will also have a Visa or MasterCard…

Instant EFT

Instant EFT is PayFast’s patented method of completing online purchases by making an internet banking transfer and unlike traditional EFT payments it gets instantly verified. There is no two day wait*, you don’t need to send in proof of payment** and it can be used with South Africa’s four biggest banks: ABSA, FNB, Nedbank and Standard Bank.

**In the event of a clearing delay or incorrect submission of reference info a proof of payment may be required in order for PayFast to clear the payment.

Bitcoin

Bitcoin is an innovative digital payment method, performed over a peer-to-peer network and the most popular Cryptocurrency available. PayFast have partnered with Luno (previously known as BitX) to allow sellers to accept Bitcoin payments.

Buyers can purchase Bitcoin in a variety of ways (in almost any country in the world) and use it in a variety of ways: including online purchases using PayFast.

Buyers simply pay the Bitcoin amount (at the current rate of exchange) during checkout. Sellers will still receive South African rand, just like with all our other payment methods.

Neither PayFast nor the seller receives or stores any Bitcoin, so there aren’t any risks of security, volatility or exchange rate fluctuations.

mobicred is an online account that gives buyers access to credit, which they can use on PayFast. The facility works in a similar fashion to retail store credit: only online. mobicred charges interest rates comparable to those of credit card providers and only levies monthly fees while the account is used (unlike most credit cards).

Masterpass works with all major credit, cheque and debit cards and secures the users data using industry leading technology.

Benefits

Ease of use

Simpler checkout (reducing cart abandonment)

Payments reflect immediately in your PayFast account

Advanced fraud protection

PayD

In addition to credit and cheque cards, you can also accept debit card payments with PayFast and payD. Debit cards are much more prevalent in South Africa than credit cards and you’ll get access to the millions of buyers without credit cards. Transactions are final and there is no risk of chargeback to the seller.

Choosing your Payment Gateway

Nowadays there are plenty of payment gateways to choose from and this is where things can become complicated.

Here are just a couple things to consider when choosing your payment gateway:

Is the payment gateway supported by your chosen eCommerce platform?

Always try to choose a payment gateway that already has a plugin for your eCommerce platform.

You can view the eCommerce platforms that integrate with PayFast here.

Do you have a merchant account?

Some payment gateways (like PayFast) offer an all-in-one payment solution. Others only provide the payment gateway service and require you to have your own merchant account. Generally, if you’re starting up using a provider that offers both is the most cost effective choice.

How do you want to take payment details from customers?

Payment form on your site and details sent to your server – not the most secure, not cost effective and you are directly responsible for security.

Payment form on your site and details NOT sent to your server – a compromise of sorts and although you have fewer security concerns, it is still far more than with a redirect or iFrame.

Redirect or secure iFrame – the most secure option, but probably won’t match the look & feel of your site.

What payment methods does the gateway offer?

Always make sure that the payment offers at least some or all of the payment methods that you would like to use.

Make sure that the payment methods offered are the methods most commonly used in your market.

What are the Fees?

Does the payment gateway charge monthly, set-up fees, fixed per-transaction fees, variable fees…etc. – this is a big one and shouldn’t be overlooked as it will directly impact your bottom-line.

This may seem obvious, but the fees displayed will more than likely be excluding VAT (yes payment gateways pay tax too) – we get asked about this a lot!

Is there a contract?

Some payment gateways lock you into contracts, while others give you the freedom to use the service without the need for contracts or monthly fees. If you aren’t happy with your chosen provider would you rather be locked into a two-year contract, or would you rather have the freedom to move on as you desire?

Do you want to use more than one payment gateway?

A lot of shopping carts allow for the use of multiple payment gateways. This can be useful in offering additional payment options that your primary gateway may not offer, or as a backup if your primary payment gateway has any problems.

Be aware of the fact that this is South Africa and not all payment gateways transact in Rands, this becomes an issue when you have set your base currency as Rands and the alternate payment gateway simply doesn’t support the option.

Local vs International payment gateway?

The major difference between local and international payment gateways is that the local service transacts in Rands, whereas the payment gateways that are based overseas transact in their respective currencies (e.g. US Dollars), even in South Africa.

With PayFast, merchants will receive payouts into a South African bank, which is not generally the case with overseas payment providers.

Overseas payment providers fees are higher on average than PayFasts and don’t forget about those currency conversion costs, which you don’t have to worry about with us.

Payment processing is serious business and it’s critical to your business, so you’ll want to pick a gateway that has a good reputation and is well known, as opposed to a one that nobody has ever heard of.

Another thing to consider is if the gateway has had any significant breaches or security issues, especially in recent times.

You might want to look at how the gateway treats their merchants and if there are any glaring issues there. Don’t necessarily just focus on public and social media complaints though, since those tend to be inflammatory, one-sided and often don’t take into account the gateway’s perspective…so take this information with a pinch of salt. It’s often best to speak directly to merchants using both your chosen platform and potential gateway to get the most well-rounded feedback.

Does the payment gateway offer decent security and support?

This is ultimately a “how long is a piece of string” question, because all reputable payment gateways offer some level of support and security, if your gateway doesn’t, then you could be in for a world of hurt down the line.

Check to see if the payment gateway in PCI compliant and what level they are at.

Does the payment gateway respond to support queries within a reasonable amount of time?

How much security and support do you get when using a particular shopping cart & payment setup? Some setups mean that you will take on the security risk (as mentioned earlier), but also if the shopping cart integration was done by the shopping cart platform then support would more than likely come from the shopping cart platform as opposed to the payment gateway. In this scenario the payment gateway would only provide support relating directly to payment processing.

Payment Gateway Integration

Because eCommerce has developed so significantly over the last decade or so, setting up Payments is now easier than ever.

Don’t worry if you’re not looking to integrate with one of our existing integrated platforms or just want a simpler payment option, PayFast also provide the following integration options:

But if you’re like most eCommerce merchants then you’ll more than likely be wanting to integrate your payment gateway with one of the major eCommerce platforms.

Below are some guides to help you out:

Platform integration

Integration can still be tricky and require a fair amount of work if the payment gateway hasn’t yet integrated with your chosen platform. Thankfully PayFast has already integrated with many shopping cart platforms to make setting up payments a breeze.

For the purpose of this series we’re going to show you how to integrate with the shopping carts we looked at in Part 1 of this series.

Firstly, in order to use PayFast with any of these platforms you will need to register and verify your free PayFast account.

You will also need your PayFast Merchant ID and Merchant Key.

Shopify

Log into your Shopify admin, click Settings > Payments. In the “Accept Credit Cards” section, select “PayFast” from the drop-down menu and enter your PayFast Merchant ID and Merchant Key (you can also obtain this information from the Accounts page on PayFast once logged in).

Unfortunately, sandbox (test) mode for PayFast has not yet been enabled on Shopify. This integration has, however, been tested extensively, so as long as you enter your correct Merchant ID and Merchant Key you should not have any problems. To test that everything is working correctly, you could create a low priced product, a minimum of R5.00 is required to test credit cards, make this product invisible to the public and complete a purchase in live mode, making a note of anything that needs changing or fixing along the way.

It’s possible to test whether the PayFast payment gateway is connecting correctly before going live. To do this, place the gateway in Sandbox Mode by enabling PayFast Sandbox. This will replace your Merchant ID and Merchant Key with an ID and Key for the Merchant Sandbox testing area.

PrestaShop

This will show you how to setup PrestaShop cloud, to setup the self-hosted version click here

To install the PayFast payment module, follow the instructions below:

Download the PayFast addon from the PrestaShop addons site

Navigate to modules in the admin dashboard of your PrestaShop cloud site

Click on ‘Add New Module’ in the top right corner of the screen and follow the prompts

Select the PayFast addon downloaded in step 1 for upload

If you are not able to select a file for upload you may need to logout of the PrestaShop addons site (navigate to your profile, select ‘Preferences’ and then ‘Log out of addon account’), then repeat the installation process from step 2

Click on the “Install” button to install the module

Once the module is installed, click on “Configure” below the PayFast name.

The PayFast options will then be shown, and you will see the module is ready to be tested.

Leave everything as per default and click “Save” in order to test in sandbox mode

Input your Merchant ID, Merchant Key and PDT Key* – these can be found on the settings page of your PayFast account.

*The PDT is actually made use of and the input requirement should be done away with at some point.

Restrictions

Something that is often overlooked when signing up with a payment gateway are the restrictions that a gateway might have. Here is a look at some of the common restrictions:

Credit Card Limit

Per transaction card limits are put in place to protect both the payment gateway and merchant from potential fraud and other risks. You can generally request to have this limit increased and certain factors will be taken into consideration when doing so:

Your history with the payment gateway

The nature of your business

The new limit required

Where you expect transactions to be coming from

Once your limit has been increased, it is not uncommon for a retained balance to be added to your account.

Retained balance

A retained balance is a portion of funds which you will not be able to withdraw from your account until a certain period of time has passed once you close the account (eg: 90 days).

You can think of this retained balance as a security deposit, the size of which is determined by the risk associated with your account. The higher the level of risk, the higher the retained balance.

International Payments

Not all payment methods offered by your payment gateway will be available to international buyers, make sure that you are aware of what is available to them and advise potential international buyers accordingly.

Receive funds in other currencies

If your payment gateway is a South African company then they are only allowed to accept Rand as payment by law. Even if your store displays the price of an item in another currency your base currency will be in Rands.

Recurring payments

Not all payment gateways allow for receiving recurring payments. Make sure to cater for this should your chosen gateway not provide this service.

Payouts

Be sure that you know when and where your funds will be paid out to. For example, most payment gateways will only payout into local bank accounts. It’s also a good bet that your gateway won’t payout funds to a credit card.

Payouts will generally need to be requested and payments are subject to 48 – 72 hour holding periods before a payout can be requested, thereafter it could take up to 2 working days for the funds to reflect in your bank account.

Security

The fundamentals that you want to consider when it comes to security are:

How secure is the Payment gateway? (Using PayFast as a bench mark)

PayFast is PCI level 1 compliant (the highest level)

PayFast is developed with the same demands on security and performance as web sites used for banking services and share trading. Your account login, personal details and all money transactions are secured using Secure Socket Layer (SSL) technology with high security 256 bit encryption.

Your sensitive financial information (like credit/debit card details) is never sent to the people/businesses you make payment to.

We make use of 3D Secure to further enhance the security of credit card transactions on PayFast.

If your chosen payment gateway doesn’t meet these criteria then you should consider looking elsewhere.

How do I make sure that my account is as secure as possible?

Login restrictions by hostname / IP or Country

For added security it is possible for you to restrict your login to your account to a hostname/IP address and country. This will prevent anyone accessing your account from unauthorised locations/devices and notify you if anyone is attempting to do so – learn more.

Two-Factor Authentication

Two-factor authentication is a simple method of asking for something you know (your password) and something you have (your mobile phone). After you enter your email address and password, you’ll be prompted to enter a code. This code can be generated using a free iPhone/Android app called Authy, or you can have it sent to you via SMS – learn more.

Abnormal login notifications

The abnormal login notification sends an email to notify you if there is a login to your account from a location which is outside of your normal behaviour – learn more.

What can I do to prevent Fraud?

Restrict Credit Cards from certain countries

One of the easiest ways to secure yourself against online fraud is to limit receiving funds from credit cards issued in the country that your online business serves – learn more.

Be aware of suspicious emails (phishing scams)

Phishing scams happen when a fraudster contacts you, claiming to be a representative of PayFast or you receive fake “automated” system messages which appear as if they were sent by our system. The goal is to trick you into believing that a payment has been made to your account and getting you to deliver items you might be selling or to retrieve sensitive financial information from you. – learn more.